Ethereum Ransomware Featured In NSA Codebreaker Challenge

2018-09-25

Each year, the NSA runs a Codebreaker Challenge, a competition aimed at aspiring cryptographers and hackers. Details of the 2018 competition have been published, and there is a twist that may be of interest to blockchain enthusiasts. This year’s fictional scenario involves Ethereum ransomware that has taken over government systems:

“For each infected machine, an encrypted copy of the key needed to decrypt the ransomed files has been stored in a smart contract on the Ethereum blockchain and is set to only be unlocked upon receipt of the ransom payment.”

Participants have two goals: to reverse-engineer the ransomware that is currently locking down the government systems, and to recover the crypto that has been paid by other victims of the ransomware. As Slashdot user eatvegetables explains:

“[The] first half of [the] challenge focuses on network protocol analysis and binary reverse-engineering. [The] second half is all about attempting to exploit the blockchain.”

First Blockchain Scenario

This is the sixth annual Codebreaker Challenge, but it is the first that has involved the blockchain. The first ever competition, which took place in 2013, involved straightforward password cracking. Subsequent competitions involved more complex scenarios: one assignment involved finding a hidden function in a program, and another involved remotely defusing a bomb.

This year’s scenario will involve the trending topic of crypto ransomware, which is a prominent type of cyberattack. Facebook users, the PGA, and entire municipalities have all fallen victim to ransom attacks in recent months.

A live blockchain environment has been created, and participants will use real blockchain tools to solve the problem. Participants can use the Metamask wallet to handle their allocated ETH. The contest organizers are also recommending that participants use the popular Remix IDE to edit the competition’s smart contracts.

How To Participate

The challenge is open to students and faculty with a .edu email address. Only entries by academic participants will be posted on the scoreboard, but independent users can access the contest files on the NSA’s resources page. The competition closes on December 31st.

Note that the competition will not involve the Ethereum mainnet: the NSA is running a private Ethereum chain and distributing valueless ETH to the participants. Nevertheless, the contest is a good sign for the status of blockchain technology, and the event will hopefully raise the profile of the blockchain in educational settings.